Powershell Encryption, Compression, Base64 Encoding with C# Streams

AESDecrypt.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

# Read the Salt
$Salt = New-Object Byte[](32)
$BytesRead = $InputStream.Read($Salt, 0, $Salt.Length)
if ( $BytesRead -ne $Salt.Length ) {
  Write-Host 'Failed to read Salt from file'
  exit
}

# Generate PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)

# Setup our decryptor
$AES = New-Object Security.Cryptography.AesManaged
$Dec = $AES.CreateDecryptor($AESKey, $AESIV)

$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $InputStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read)

$CryptoStream.CopyTo($OutputStream)
$OutputStream.Dispose()

AESEncrypt.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$Salt = New-Object Byte[](32)
$Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$Prng.GetBytes($Salt)

# Derive random bytes using PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
#$HMACKey = $PBKDF2.GetBytes(20)
#$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

# Setup our encryptor
$AES = New-Object Security.Cryptography.AesManaged
$Enc = $AES.CreateEncryptor($AESKey, $AESIV)

# Write our Salt now, then append the encrypted data
$OutputStream.Write($Salt, 0, $Salt.Length)

$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $OutputStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write)

$InputStream.CopyTo($CryptoStream)
$CryptoStream.Dispose()

AESHMACBase64Decrypt.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$B64Transform = New-Object System.Security.Cryptography.FromBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read)

# Read the Salt
$Salt = New-Object Byte[](32)
$BytesRead = $Base64Stream.Read($Salt, 0, $Salt.Length)
if ( $BytesRead -ne $Salt.Length ) {
  Write-Host 'Failed to read Salt from file'
  exit
}

# Generate PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

$Code    = New-Object Byte[](20)
$BytesRead = $Base64Stream.Read($Code, 0, $Code.Length)
if ( $BytesRead -ne $Code.Length ) {
  Write-Host 'Failed to read HMAC from file'
  exit
}

$CryptedStream = New-Object IO.MemoryStream
$Base64Stream.CopyTo($CryptedStream)
$Base64Stream.Flush()

[void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($CryptedStream)
if (Compare-Object $Auth ($Code) -SyncWindow 0) {
  Write-Host 'Checksum failure.'
  exit
}

# Setup our decryptor
$AES = New-Object Security.Cryptography.AesManaged
$Dec = $AES.CreateDecryptor($AESKey, $AESIV)

[void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read)

$CryptoStream.CopyTo($OutputStream)
$OutputStream.Dispose()

AESHMACBase64Encrypt.ps1

#!/usr/bin/env powershell

param (
  [String]$InputFile,
  [String]$OutputFile,
  [String]$Password="pa55w0rd",
  [String]$UseSalt
)

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

if ( $UseSalt ) {
  $String = $UseSalt.ToLower() -replace '[^a-f0-9]',''
  $Salt   = @($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}})
} else {
  $Salt = New-Object Byte[](32)
  $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
  $Prng.GetBytes($Salt)
}

# Derive random bytes using PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

# Setup our encryptor
$AES = New-Object Security.Cryptography.AesManaged
$Enc = $AES.CreateEncryptor($AESKey, $AESIV)

# Write our Salt now, then append the encrypted data
$B64Transform = New-Object System.Security.Cryptography.ToBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write)

$Base64Stream.Write($Salt, 0, $Salt.Length)

# Write out crypted data to memory
$CryptedStream = New-Object IO.MemoryStream
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write)

$InputStream.CopyTo($CryptoStream)
$CryptoStream.FlushFinalBlock()

# Compute our HMAC
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($CryptedStream)

# Write out our HMAC
$Base64Stream.Write($Auth, 0, $Auth.Length)

# Write out out encrypted data
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$CryptedStream.CopyTo($Base64Stream)
#$Base64Stream.Dispose() # Required to flush all the bytes through
$OutputStream.Dispose()

AESHMACBase64GZipDecrypt.ps1

#!/usr/bin/env powershell

param (
  [String]$InputFile,
  [String]$OutputFile,
  [String]$Password="pa55w0rd"
)

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$B64Transform = New-Object System.Security.Cryptography.FromBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read)

# Read the Salt
$Salt = New-Object Byte[](32)
$BytesRead = $Base64Stream.Read($Salt, 0, $Salt.Length)
if ( $BytesRead -ne $Salt.Length ) {
  Write-Host 'Failed to read Salt from file'
  exit
}

# Generate PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

$Code    = New-Object Byte[](20)
$BytesRead = $Base64Stream.Read($Code, 0, $Code.Length)
if ( $BytesRead -ne $Code.Length ) {
  Write-Host 'Failed to read HMAC from file'
  exit
}

Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower()
Write-Host "HMAC:", ([System.BitConverter]::ToString($Code) -replace "-").ToLower()
Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower()
Write-Host "IV:  ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower()
Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower()

$CryptedStream = New-Object IO.MemoryStream
$Base64Stream.CopyTo($CryptedStream)
$Base64Stream.Flush()

[void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($CryptedStream)
if (Compare-Object $Auth ($Code) -SyncWindow 0) {
  Write-Host "AUTH:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower(), "failed"
  #exit
}

# Setup our decryptor
$AES = New-Object Security.Cryptography.AesManaged
$Dec = $AES.CreateDecryptor($AESKey, $AESIV)

[void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read)

$GzipStream = New-Object System.IO.Compression.GZipStream(
  $CryptoStream, [IO.Compression.CompressionMode]::Decompress)

$GzipStream.CopyTo($OutputStream)
$OutputStream.Dispose()

AESHMACBase64GZipEncrypt.ps1

#!/usr/bin/env powershell

param (
  [String]$InputFile,
  [String]$OutputFile,
  [String]$Password="pa55w0rd",
  [String]$UseSalt
)

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

if ( $UseSalt ) {
  $String = $UseSalt.ToLower() -replace '[^a-f0-9]',''
  $Salt   = @($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}})
} else {
  $Salt = New-Object Byte[](32)
  $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
  $Prng.GetBytes($Salt)
}

# Derive random bytes using PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

# Setup our encryptor
$AES = New-Object Security.Cryptography.AesManaged
$Enc = $AES.CreateEncryptor($AESKey, $AESIV)

# Write our Salt now, then append the encrypted data
$B64Transform = New-Object System.Security.Cryptography.ToBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write)

$Base64Stream.Write($Salt, 0, $Salt.Length)

# Write out crypted data to memory
$CryptedStream = New-Object IO.MemoryStream
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write)

# think we want to GZIP around the InputStream
$GzipStream = New-Object System.IO.Compression.GZipStream(
  $CryptoStream, [IO.Compression.CompressionMode]::Compress)

$InputStream.CopyTo($GzipStream)
$GzipStream.Flush()
$CryptoStream.FlushFinalBlock()

# Compute our HMAC
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($CryptedStream)

# Write out our HMAC
$Base64Stream.Write($Auth, 0, $Auth.Length)

Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower()
Write-Host "HMAC:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower()
Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower()
Write-Host "IV:  ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower()
Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower()

# Write out out encrypted data
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$CryptedStream.CopyTo($Base64Stream)
$CryptedStream.Flush()
$Base64Stream.FlushFinalBlock()
$OutputStream.Dispose()

AESHMACBase64OptGZipDecrypt.ps1

#!/usr/bin/env powershell

param (
  [String]$InputFile,
  [String]$OutputFile,
  [String]$Password="pa55w0rd"
)

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$B64Transform = New-Object System.Security.Cryptography.FromBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read)

# Read the Salt
$Salt = New-Object Byte[](32)
$BytesRead = $Base64Stream.Read($Salt, 0, $Salt.Length)
if ( $BytesRead -ne $Salt.Length ) {
  Write-Host 'Failed to read Salt from file'
  exit
}

# Generate PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

$Code    = New-Object Byte[](20)
$BytesRead = $Base64Stream.Read($Code, 0, $Code.Length)
if ( $BytesRead -ne $Code.Length ) {
  Write-Host 'Failed to read HMAC from file'
  exit
}

Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower()
Write-Host "HMAC:", ([System.BitConverter]::ToString($Code) -replace "-").ToLower()
Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower()
Write-Host "IV:  ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower()
Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower()

$CryptedStream = New-Object IO.MemoryStream
$Base64Stream.CopyTo($CryptedStream)
$Base64Stream.Flush()

[void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($CryptedStream)
if (Compare-Object $Auth ($Code) -SyncWindow 0) {
  Write-Host "AUTH:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower(), "failed"
  #exit
}

# Setup our decryptor
$AES = New-Object Security.Cryptography.AesManaged

# Setup the crypto-stream
[void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$Decryptor = $AES.CreateDecryptor($AESKey, $AESIV)
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Decryptor, [System.Security.Cryptography.CryptoStreamMode]::Read)

# Get the first byte so we can check to see if is compressed or not
$FirstByte = $CryptoStream.ReadByte()

# Setup the crypto-stream again because we can't seek...
[void]$CryptedStream.Seek(0, [System.IO.SeekOrigin]::Begin)
$Decryptor = $AES.CreateDecryptor($AESKey, $AESIV)
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Decryptor, [System.Security.Cryptography.CryptoStreamMode]::Read)

if ($FirstByte -eq 0x1F) {
  $GzipStream = New-Object System.IO.Compression.GZipStream(
    $CryptoStream, [IO.Compression.CompressionMode]::Decompress)
  $GzipStream.CopyTo($OutputStream)
} else {
  $CryptoStream.CopyTo($OutputStream)
}

$OutputStream.Dispose()

AESHMACBase64OptGZipEncrypt.ps1

#!/usr/bin/env powershell

param (
  [String]$InputFile,
  [String]$OutputFile,
  [String]$Password="pa55w0rd",
  [String]$UseSalt,
  [switch]$Compress=$false
)

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

if ( $UseSalt ) {
  $String = $UseSalt.ToLower() -replace '[^a-f0-9]',''
  $Salt   = @($String -split '([a-f0-9]{2})' | foreach-object { if ($_) {[System.Convert]::ToByte($_,16)}})
} else {
  $Salt = New-Object Byte[](32)
  $Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
  $Prng.GetBytes($Salt)
}

# Derive random bytes using PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

# Setup our encryptor
$AES = New-Object Security.Cryptography.AesManaged
$Enc = $AES.CreateEncryptor($AESKey, $AESIV)

# Write our Salt now, then append the encrypted data
$B64Transform = New-Object System.Security.Cryptography.ToBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write)

$Base64Stream.Write($Salt, 0, $Salt.Length)

# Write out crypted data to memory
$CryptedStream = New-Object IO.MemoryStream
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write)

# think we want to GZIP around the InputStream
if ($Compress) {
  $GzipStream = New-Object System.IO.Compression.GZipStream(
    $CryptoStream, [IO.Compression.CompressionMode]::Compress)

  $InputStream.CopyTo($GzipStream)
  $GzipStream.Flush()
} else {
  $InputStream.CopyTo($CryptoStream)
}

$CryptoStream.FlushFinalBlock()

# Compute our HMAC
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($CryptedStream)

# Write out our HMAC
$Base64Stream.Write($Auth, 0, $Auth.Length)

Write-Host "SALT:", ([System.BitConverter]::ToString($Salt) -replace "-").ToLower()
Write-Host "HMAC:", ([System.BitConverter]::ToString($Auth) -replace "-").ToLower()
Write-Host "KEY: ", ([System.BitConverter]::ToString($AESKey) -replace "-").ToLower()
Write-Host "IV:  ", ([System.BitConverter]::ToString($AESIV) -replace "-").ToLower()
Write-Host "MAC: ", ([System.BitConverter]::ToString($HMACKey) -replace "-").ToLower()

# Write out out encrypted data
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$CryptedStream.CopyTo($Base64Stream)
$CryptedStream.Flush()
$Base64Stream.FlushFinalBlock()
$OutputStream.Dispose()

AESHMACDecrypt.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

# Read the Salt
$Salt = New-Object Byte[](32)
$BytesRead = $InputStream.Read($Salt, 0, $Salt.Length)
if ( $BytesRead -ne $Salt.Length ) {
  Write-Host 'Failed to read Salt from file'
  exit
}

# Generate PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

$Code    = New-Object Byte[](20)
$BytesRead = $InputStream.Read($Code, 0, $Code.Length)
if ( $BytesRead -ne $Code.Length ) {
  Write-Host 'Failed to read HMAC from file'
  exit
}

[void]$InputStream.Seek(52, [System.IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($InputStream)
if (Compare-Object $Auth ($Code) -SyncWindow 0) {
  Write-Host 'Checksum failure.'
  exit
}

# Setup our decryptor
$AES = New-Object Security.Cryptography.AesManaged
$Dec = $AES.CreateDecryptor($AESKey, $AESIV)

[void]$InputStream.Seek(52, [System.IO.SeekOrigin]::Begin)
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $InputStream, $Dec, [System.Security.Cryptography.CryptoStreamMode]::Read)

$CryptoStream.CopyTo($OutputStream)
$OutputStream.Dispose()

AESHMACEncrypt.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile, [String]$Password="pa55w0rd" )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$Salt = New-Object Byte[](32)
$Prng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
$Prng.GetBytes($Salt)

# Derive random bytes using PBKDF2 from Salt and Password
$PBKDF2 = New-Object System.Security.Cryptography.Rfc2898DeriveBytes(
  $Password, $Salt)

# Get our AES key, iv and hmac key from the PBKDF2 stream
$AESKey  = $PBKDF2.GetBytes(32)
$AESIV   = $PBKDF2.GetBytes(16)
$HMACKey = $PBKDF2.GetBytes(20)
$HMAC    = New-Object System.Security.Cryptography.HMACSHA1(,$HMACKey)

# Setup our encryptor
$AES = New-Object Security.Cryptography.AesManaged
$Enc = $AES.CreateEncryptor($AESKey, $AESIV)

# Write our Salt now, then append the encrypted data
$OutputStream.Write($Salt, 0, $Salt.Length)

# Write out crypted data to memory
$CryptedStream = New-Object IO.MemoryStream
$CryptoStream = New-Object System.Security.Cryptography.CryptoStream(
  $CryptedStream, $Enc, [System.Security.Cryptography.CryptoStreamMode]::Write)

$InputStream.CopyTo($CryptoStream)
$CryptoStream.FlushFinalBlock()

# Compute our HMAC
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$Auth = $HMAC.ComputeHash($CryptedStream)

# Write out our HMAC
$OutputStream.Write($Auth, 0, $Auth.Length)

# Write out out encrypted data
[void]$CryptedStream.Seek(0, [IO.SeekOrigin]::Begin)
$CryptedStream.CopyTo($OutputStream)
$OutputStream.Dispose()

Base64Decode.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$B64Transform = New-Object System.Security.Cryptography.FromBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $InputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Read)

$Base64Stream.CopyTo($OutputStream)
$OutputStream.Dispose() # Required to flush the content to disk

Base64Encode.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$B64Transform = New-Object System.Security.Cryptography.ToBase64Transform
$Base64Stream = New-Object System.Security.Cryptography.CryptoStream(
  $OutputStream, $B64Transform, [System.Security.Cryptography.CryptoStreamMode]::Write)

$InputStream.CopyTo($Base64Stream)
$Base64Stream.Dispose() # Required to flush all the bytes through

GzipDeflate.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$GzipStream = New-Object System.IO.Compression.GZipStream(
  $OutputStream, [IO.Compression.CompressionMode]::Compress)

$InputStream.CopyTo($GzipStream)
$GzipStream.Dispose()

GzipInflate.ps1

#!/usr/bin/env powershell

param ( [String]$InputFile, [String]$OutputFile )

$InputStream = New-Object IO.FileStream($InputFile,
  [IO.FileMode]::Open, [IO.FileAccess]::Read)
$OutputStream = New-Object IO.FileStream($OutputFile,
  [IO.FileMode]::Create, [IO.FileAccess]::Write)

$GzipStream = New-Object System.IO.Compression.GZipStream(
  $InputStream, [IO.Compression.CompressionMode]::Decompress)

$GzipStream.CopyTo($OutputStream)
$OutputStream.Dispose()